DescriptionDo not allow HTTP refresh headers to refresh to javascript: URLs.
This behaviour has been standard in IE since IE7. This makes us both
more compatible and less vulnerable to XSS.
BUG=258151
R=abarth@chromium.org
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=153912
Patch Set 1 #
Messages
Total messages: 4 (0 generated)
|